Hack Prevention

In the past few months, we have covered many ways you can go about protecting your website against hack attacks. You should protect your login page and other parts of your website to make sure hackers don’t breach your walls. I have already covered how you can use plugins such as Limit Login Attempts to stop people from messing with your login and admin pages. Restricting access to your login page by IP is a great idea too. But it is not perfect.

Keeping your WordPress site secure is an ongoing process. It is well worth the effort, considering that WordPress sites get attacked by hackers all the time. You should not wait for brute force attacks to get coverage on popular blogs before making your site and server secure. We have already covered some of the basic steps you need to take to harden WordPress (e.g. change default admin name, lock admin pages by IP, …). Here are 7 plugins you can use to combat brute force attacks:

Login Security Solution: enables you to combat brute force and dictionary attacks more effectively. It tracks IP addresses, usernames, and passwords and logs out users when their account is breached.

Sucuri is one of the best malware monitoring and clean-up services around. All webmasters have to deal with security and hacking issues once in a while. Using services such as Sucuri would enable them to address security issues in a more proactive fashion. Sucuri not only helps with the clean-up process but it can also check your server files for malware, backdoors, phishing, and other security issues. You can always keep an eye on your site by installing Sucuri’s WordPress plugin. Enabling Sucuri’s Server Side Scanning is an even better idea.

A while ago, we covered Security Ninja for WordPress. It is a powerful security plugin that shows you which areas you need to address to harden WordPress and keep it protected against brute force and other types of hack attacks. While the plugin offers a lot of features, it does not cover everything. Core Scanner is a cool add-on you can pick up to extend the capabilities of Security Ninja.

Keeping your WordPress install secure against hack attacks is a no-brainer for those of you who want to keep your loyal readers, preserve your search engine rankings, and avoid having to waste time trying to get your site back online again. We have been hacked many times before. In most of those cases, we were to blame for having badly coded themes or plugins. Using unsafe code on your server is one way to leave your site wide open to hack attacks. These 5 plugins help you scan theme files and identify exploits or dangerous files:

Wordfence Security: this plugin not only adds a firewall and virus scanning capability to your site but also scans core files, themes and plugins against WordPress.org repository versions to determine their integrity.

Many webmasters do not pay attention to the code in their templates or plugins. If your site has security holes or even malware, you are going to get in trouble. You could always check your code manually. These code scanners could also identify issues with your code:

Sucuri: the service we currently use to protect our sites. It not only has a site scanner but also a cool WordPress plugin to keep you informed on what’s happening on your site.

VIP Scanner: scans your themes and files to find any potential issues on your server. This is basically a UI for the VIP Scanner library.

Becoming a master in WordPress security takes time and effort. There are plenty of exploits and hacks that you need to be familiar with to make sure your site is protected as much as possible. CSRF is one of those exploits. Cross-site request forgery is a tactic in which the attacker abuses the trust a site has in a user's browser to do damage. Not all sites are protected against this type of attack (especially those running older versions of WordPress). But thanks to these 4 anti-CSRF plugins, you can keep your site protected against these types of attacks: